feat: rate limiting + internal health monitor + secure VAPID note
Rate limiting: - Shop POST endpoints get per-IP throttles with distinct prefixes so login, register, password-email, and password-reset have separate buckets: login/register/pw-reset = 5/min, pw-email = 3/min - OcrInvoiceService gates per-tenant via RateLimiter (30/hour) so a runaway uploader can't burn Claude Vision spend Health monitor (poor-man's monitoring): - HealthCheckCommand probes DB (SELECT 1), cache write/read, public storage write/read, and most-recent backup age. On any failure, pushes a Telegram alert via HEALTH_ALERT_BOT_TOKEN/HEALTH_ALERT_CHAT_ID. Dedups identical failures within a 30-min window via cache. - Scheduled every 10 min. Pair with external uptime monitoring (UptimeRobot, Better Stack hitting /up) for total-outage coverage. - .env.example documents the two new env vars. VAPID secret hygiene: - credentials.md no longer stores the VAPID_PRIVATE_KEY; the source of truth is the Coolify env on the autocrm app. Doc points to where to read it (UI or API). Mitigates accidental git leak. Tests (4 new): - shop login throttles after 5 attempts (6th = 429); register throttle is independent of login (separate prefix); health command runs clean; dedup cache path exercised Full suite: 138 passed. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -63,6 +63,12 @@ VAPID_SUBJECT=mailto:admin@service.mir.md
|
||||
VAPID_PUBLIC_KEY=
|
||||
VAPID_PRIVATE_KEY=
|
||||
|
||||
# Internal health monitor → Telegram alerts every 10 min on DB/cache/storage/backup failure.
|
||||
# Create a separate bot at @BotFather and a private group; put the bot in it
|
||||
# and use the group's chat_id (negative number).
|
||||
HEALTH_ALERT_BOT_TOKEN=
|
||||
HEALTH_ALERT_CHAT_ID=
|
||||
|
||||
# Storage — local pentru MVP, S3-compatible mai târziu
|
||||
FILESYSTEM_DISK=local
|
||||
|
||||
|
||||
Reference in New Issue
Block a user